Displaying items by tag: Ciscohttp://www.fudzilla.com
Fri, 09 Dec 2016 16:30:17 +0100MYOBen-gb92 percent of workloads will be on the cloudhttp://www.fudzilla.com/news/42098-92-per-cent-of-workloads-will-be-on-the-cloud
http://www.fudzilla.com/news/42098-92-per-cent-of-workloads-will-be-on-the-cloud

Cisco predicts it will be off our desktops by 2020

Networking giant Cisco’s latest Global Cloud Index suggests that more than 92 percent of computer processing will be done in cloud centres by 2020.

Cisco number crunchers think that growing demand for cloud and online services means 92 percent of applications and workloads will run in large-scale, cloud data centers by 2020.

The networking giant’s sixth annual Global Cloud Index report contains a series of divinations and oracles charting how enterprise and consumer use of off-premise services is set to change between now and 2020.

According to the entrails of a rather healthy ram, the amount of cloud-based IP traffic will rise from 3.9 zettabytes to 14.1 zettabytes by 2020, as enterprises and consumers ramp up their use of off-premise apps and services in the years to come.

Meanwhile, according to the way that the chickens are fed, the amount of traffic passing through traditional, enterprise data centers will hit 1.3 zettabytes by 2020, up from 827 exabytes per year in 2015.

The Cisco Sybil, who after chewing laurel leaves and breathing in toxic fumes, said that by 2020, this means just eight per cent of workloads are likely to run in private datacentres, while remaining ones will be hosted in hyperscale, cloud datacentres.

After the priests of Apollo analysed the sooths, Cisco said it expects around 68 per cent of workloads to run in public cloud datacentres by 2020, up from 49 per cent in 2015. Meanwhile, 32 per cent will be hosted in private cloud facilities, which represents a marked drop from 51 per cent last year.

For the first time, Cisco’s oracles have provided a breakdown of how the rise of hyperscale datacentres which are the sorts of things that Facebook, Amazon and Google are running.

Between 2015 and 2020, Cisco believes the number of hyperscale datacentres in the world will increase from 259 to 485, coinciding with a quintuple rise in the amount of network traffic being routed to them.Hyperscale facilities will house around 47 per cent of the world’s total installed datacentre servers, and support 53% of all datacentre traffic by 2020.

While Cisco acknowledges that IoT will be the source of massive amounts of data as more devices come online, at this stage it is unclear how much of that information will need to be stored in datacentres and how much will be processed locally on devices.“Globally, data generated (but not necessarily stored) by IoT will reach 600 ZB per year by 2020, 275 times higher than projected traffic going from datacentres to users/devices,” the report said.

Cisco’s Talos security intelligence and research group has found a nasty piece of French software that has quietly installed backdoors on 12 million computers around the world so its owners can spam the chaîne d'oignons out of users.

The software, which exhibits adware and spyware capabilities, was developed by a French online advertising company called Tuto4PC. This company was formerly known as Eorezo group and has been linked to an outfit called Wizzlabs. In English a “wiz” is slang for having a Nintendo, which, if Talos is correct, is appropriate for what its software does to your privacy.

Talos peaked under the bonnet of Tuto4PC’s OneSoftPerDay application which sounds a bit like an advert for an inverted Viagra and in many ways it is. Its investigation uncovered roughly 7,000 unique samples with names containing the string “Wizz,” including “Wizzupdater.exe,” “Wizzremote.exe” and “WizzInstaller.exe.” The string also showed up in some of the domains the samples had been communicating with.

When installed with administrator rights, the software could download and install other software, including the scareware System Healer. It also harvested personal information. To make matters worse the software is designed to detect the presence of sandboxes, antiviruses, security tools, forensic software and remote access doors.

These “features” have led Cisco Talos to classify the Tuto4PC software as a “full backdoor capable of a multitude of undesirable functions on the victim machine.”

Tuto4PC’s website claims to offer hundreds of tutorials that users can access for free by installing a piece of software that displays ads. It claims that its network is made up of more than 12 million PCs in 2014, which could explain why Cisco’s systems detected the backdoor on 12 million devices.Infections have been found in the United States, Australia, Japan, Spain, the UK, France and New Zealand.

In response to Cisco’s blog post, Tuto4PC Group CEO Franck Rosset clarified that its antivirus bypass technology is not used for malicious purposes. It is just designed to make it easier for users to install its applications, which have been blocked by antiviruses.

Without using the word Roast-Beef-Eating ‘amburger munchers to describe Cisco, the company indignantly told SecurityWeek [shurely weak security.ed] :

“The Talos blogpost is inaccurate in describing Tuto4PC as a shady malware distribution enterprise. We are currently working with our lawyers in order to evaluate the action we can take against Talos’ inexact (negative) presentation of our business.”

It claimed that it was listed company on the French stock exchange and had been creating widgets, tutorials etc. for free download on download websites for years. The download of its programs is for free subject to agreement for accepting advertising from an adware attached in the download.

“Contrary to Talos’ wrongful allegations, our business has been approved by French regulators and we have never been indicted or sued for any malware distribution!!!!”

It used four exclamation marks as a token of its Gallic anger

“Due to some undue blocking by antiviruses that recently blocked Tuto4PC adware (some of them have also an adware business model), we are using a bypass technology so that people can easily download our programs (and adware). Although the bypass software is extremely efficient, it has no other purpose or use that helping the Tuto4PC adware download,” the company said.

There is no malware activity and Talos cannot prove or show any malware use of the program — with more than 10 million installed, if there was to be any malware activity, obviously there should be some user complaints, the company said.

“We are a French company — very easy to reach, we are not hiding in some rogue country — we do not understand why Talos has not contacted us prior to their post,” the outfit complained.

Ironically the company says that one of its subsidiarys Cloud 4PC is going to launch “AV Booster,” an antivirus booster that will help stop any real malware that use bypass techniques including the ones it has developed.

Cisco has patched high-impact vulnerabilities in several of its cable modem and residential gateway devices which are popular among those distributed by ISPs to their customers.

The embedded Web server in the Cisco Cable Modem with Digital Voice models DPC2203 and EPC2203 contains a buffer overflow vulnerability that can be exploited remotely without authentication. Apparently all you need to do is send a crafted HTTP requests to the Web server and you could see some arbitrary code execution.

Cisco said that its customers should contact their service providers to ensure that the software version installed on their devices includes the patch for this issue.

The Web-based administration interfaces of the Cisco DPC3941 Wireless Residential Gateway with Digital Voice and Cisco DPC3939B Wireless Residential Voice Gateway are affected by a vulnerability that could lead to information disclosure. An unauthenticated, remote attacker could exploit the flaw by sending a specially crafted HTTP request to an affected device in order to obtain sensitive information from it.

The Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA is affected by a separate vulnerability, also triggered by malicious HTTP requests, that could lead to a denial-of-service attack.

Hackers have been hitting modems, routers and other gateway devices, hard lately – especially those distributed by ISPs to their customers. By compromising such devices, attackers can snoop on, hijack or disrupt network traffic or can attack other devices inside local networks.

On Friday, a group of industry leaders making headway in the Internet of Things (IoT) market announced a cross-industry collaboration effort aimed at unlocking the massive opportunities for consumers and business with IoT devices, and ultimately a way to quickly get everyone to adopting a single open standard.

The spearheaded effort, known as the Open Connectivity Foundation (OCF), is being lead by Arris, CableLabs, Cisco, Electrolux, GE Digital, Intel, Microsoft, Qualcomm and Samsung. Basically, the industry has finally reached a point where it realized there are too many proprietary IoT solutions that do not interoperate, and as a result the market is getting off to a slow start. To accelerate the pace of market adoption, they are agreeing to launch this cross-collaboration effort based around an open source SDK for Linux, Android and several other platforms.

“Representing a significant cross-industry collaboration, OCF is the only organization comprised of technology suppliers at all levels (product, software, platform and silicon) dedicated to providing this key element of an IoT solution,” says Imad Sousou, Intel Vice President of Software and Services. “By allowing providers to build on a single, open standard, OCF will drive secure interoperability for consumers, business, and industry, which is key to unlocking the massive opportunity, accelerating industry innovation, speeding product development and spurring adoption.”

The industry collaboration group will hold a talk at MWC 2016 on Tuesday, February 23rd titled “Four Years From Now” that is focused heavily towards their open-source software framework, called IoTivity. The talk aims to provide an overview of the Open Connectivity Foundation (OCF), the specification and certification program, and an overview of the open-source SDK running on anything from “embedded devices to rich platforms supporting multiple communication interfaces.”While the name “IoTivity” sounds more like a PR stunt than anything, the standard will eventually allow devices to communicate across multiple technologies and industries. These include home automation, healthcare, the automotive industry, the construction and machinery industries, the security industry, and farming and agriculture, among others.

An example of the IoTivity framework in action with a Heart Rate Monitor (OIC Core Specification v1.0, December 2015, p.25)

IoTivity 1.0.1, the second iteration of the group’s open-source SDK, was published on December 18, 2015 and can be downloaded here. The framework’s core functionality was written in C and it works on Linux, Android, Arduino, Samsung Tizen and the Yocto Project. Java and JavaScript versions are also in the process of being developed.

Global internet traffic will a zetta-byte for the first time this year according to Cisco.

Cisco has been adding up its numbers and worked out that traffic has increased fivefold in the last five years.

A zetta-byte is the equivalent of 909,494,701.773 terabytes - or nearly a trillion gigabytes. That is about 667 trillion movies, or approximately 152 million years-worth of HD porn.

The traffic is expected to keen growing. Cisco said it will double again by 2019. Most traffic will continue to come from fixed broadband connections, but mobile data will grow rapidly at an average rate of 57 per cent a year.

That can be attributed to more connected mobile gadgets. By 2020, 5.5 billion people will have a mobile device, and by 2020 more people will have mobile phones than essential utilities like running water or electricity.

A huge amount of the increased data will come from online video, including catch-up TV services like BBC iPlayer and on-demand services like Netflix.

Cisco reckons that streaming video will account for 41 per cent of all internet data, and by 2019 that will rise to 54 per cent.

The research predicts that fixed broadband speeds will increase in the next three years. In 2014, the average broadband speed globally was 20Mb, but by 2019 it will have increased to 43Mb.

Someone has quietly installed backdoors three years ago in a core piece of networking equipment used to protect corporate and government systems around the world.

Juniper Networks has admitted that it has found “unauthorised” code embedded in an operating system running on some of its firewalls.

The code, which appears to have been in multiple versions of the company’s ScreenOS software going back to at least August 2012, would have allowed attackers to take complete control of Juniper NetScreen firewalls running the affected software.

Attackers with resources and skills could separately decrypt encrypted traffic running through the Virtual Private Network, or VPN, on the firewalls.

Bob Worrall, the companies’ CIO wrote in a post that the code was found during a recent internal code review.

Patched releases for the latest versions of ScreenOS have since been issued. He pointed out that while the spooks who put the backdoors in place might have patted themselves on the back, they could have been found and exploited by anyone friend or foe.

The backdoors placed a hardcoded master password left behind in Juniper’s software by the attackers. All the attackers had to do was figure out the password by examining Juniper’s code.

'This is a very good showcase for why backdoors are really something governments should not have in these types of devices because at some point it will backfire," he said.

The weakness in the VPN itself that enables passive decryption is only of benefit to a national surveillance agency like the British, the US, the Chinese, or the Israelis. This is because you need to have wiretaps on the internet for that to be a valuable change to make in the software.”

Juniper released patches for the software yesterday and advised customers to install them immediately, noting that firewalls using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are vulnerable. Release notes for 6.2.0r15 show that version being released in September 2012, while release notes for 6.3.0r12 show that the latter version was issued in August 2012.

Still Juniper is not the only router maker who faced this sort of problem. Its rival Cisco found a similar issue earlier this year.

Researchers at Cisco have stopped the spread of a massive international exploit kit which is commonly used in ransomware attacks.

The Talos security team, at Cisco, were monitoring the Angler Exploit Kit, which is "currently one of the most effective tools for nicking personal information", in case you are interested.

The team found that half of the computers infected with Angler were connecting with servers based at a Dallas facility, owned by provider Limestone Networks. The servers had been hired by cybercriminals using stolen payment details. Once informed, Limestone cut the servers from its network and handed over the data to the researchers.

Cisco recovered the authentication protocols behind the software and told its mates in the security companies how to disable connections to infected devices.

Talos manager Craig Williams suggested that the research and consequent action will be "really damaging" to the attackers' network, adding that since Limestone cut the criminal servers, the rate of Angler infections had had fallen dramatically.

Sold online across black market platforms, exploit kits such as Angler are available to purchase as small packages which hunt out vulnerabilities in web applications and other popular software programmes. Once they gain control of a target computer, criminals can install malicious code, including ransomware attacks capable of stealing personal data and demanding payment for its return.

According to Talos, had three per cent of Angler infected users paid a ransom of around $300 and those involved in the Limestone server crimes could have made a cool $34 million.

The Chinese government is set to hack off the US government by working on a set of banking cyber security regulations.

It had suspended the move earlier this year because it will annoy US tech companies considerably.

Last week in Beijing, officials from the China Banking Regulatory Commission (CBRC) told representatives from several Western technology companies, including Microsoft, IBM and Cisco Systems, they would seek opinions over the next month on a new version of the bank procurement rules.

The previous regulations which were put on ice, contained provisions that required Chinese banks to buy more domestic IT equipment or Western tech vendors to disclose secret source code if they sell to lenders.

Foreign tech companies were briefly optimistic that the rules would be dropped indefinitely, their resumption now underlines China's determination to follow through on what is considered a top national security priority for Beijing.

Xi, who visited California in 2013, will make his first state visit next month to the White House, where cyber security disputes, including the theft of US government personnel data by suspected Chinese hackers, are expected to be on the agenda.

However the Chinese can equally complain that the US was just as bad and it had also blocked Chinese companies competing in the US on security fears.

Many fear that even if Beijing formally rolled back some of the more onerous terms, banks would still unofficially be discouraged from purchasing foreign equipment.

CBRC officials appeared sensitive to the criticism, saying at last week's meeting they had consulted China's Ministry of Commerce and WTO experts to ensure that its proposals would meet China's free-trade obligations, according to the person who attended the meeting.

The networking company, which was turned over by the US spooks using backdoors, has just written a cheque for an outfit which provides alternative DNS servers for its users.

More than 65 million Internet users spread across more than 150 countries use OpenDNS included the employees of more than 10,000 organizations.

Writing in his bog David Ulevitch the CEO of Open DNS insists that the change will be business as usual.

He said that this would be a an incredible milestone for OpenDNS.

"Cisco made a compelling case that we would be stronger together, we agreed. We're confident about this next move for us. Cisco has great respect for the technology we've built and taken to market, for our incredible team, and for our culture. Cisco is not buying OpenDNS for our individual components, but for the whole. I will speak more about this today and over the coming weeks," he wrote.

Curiously he did not mention anything about the fact that the move could give US spooks control of the OpenDNS servers. While Cisco is not in the pocket of the NSA, it is a lot more vulnerable to court orders than companies which are not based in the US or are too small to have pressure placed on them, like OpenDNS was until today.

BlackBerry is still a long way from being out of the woods. The outfit reported worse-than-expected first-quarter financial results as phone sales continued their long slide.

The outfit said that its revenue fell about 32 percent to $658 million which was well short of what the cocaine nose jobs of Wall Street predicted.

Wall street generally expected $684.5 million in revenue.

The outfit has been trying to refocus on software. During the quarter it completed its acquisition of WatchDox, a provider of secure enterprise file-sync-and-share technology. It also has announced a long-term patent cross-licensing deal with Cisco.

Software and technology licensing revenue more than doubled during the quarter to $137 million.

Shares of the Canadian company jumped 54 cents, or 5.7 percent, to $9.69 in premarket trading. BlackBerry shares have declined 16 percent since the beginning of the year.